Feature #2436

closed

[mod_auth] Implement the ssl backend/method

Added by KiBi about 8 years ago. Updated about 7 years ago.

Status:
Fixed
Priority:
Normal
Category:
-
Target version:

Description

Hello,

please let me quote the commit message, which should say it all:

[mod_auth] Implement the ssl backend/method.

When SSL client certificate verification is activated (even if not
enforced), one can specify a given field of the certificate to be used
as the username, making it possible to set access restrictions based
on that username. Connecting without a certificate means a denied
access to restricted paths (no username).

Configuration example:

    ssl.verifyclient.activate       = "enable" 
    ssl.verifyclient.enforce        = "disable" 
    # more ssl-related settings

    auth.backend = "ssl" 
    auth.backend.ssl.field = "SSL_CLIENT_S_DN_CN" 
    auth.require = (
        "/any-ssl-user" => (
            "require" => "valid-user",
            "method"  => "ssl" 
        ),
        "/only-specific-ssl-users" => (
             "require" => "user=james|user=alec",
             "method"  => "ssl" 
        )
    )

Signed-off-by: Cyril Brulebois <kibi@debian.org>

I've tested this successfully on 1.4.28; I've also tried to make sure misconfigurations are detected properly.

The patch applied cleanly on 1.4.32, except for the documentation file that moved under doc/outdated/.

Mraw,
KiBi.
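
The access decision described in the commit message above, written out as a small model. This is an added illustration, not part of the original issue or of the lighttpd patch; the function names, the sample certificate fields and the plain prefix matching of paths are assumptions of the model.

```python
# Added illustration: models the behaviour described in the commit message.
# Not lighttpd code; all function names here are hypothetical.

# Mirrors the auth.require block from the configuration example.
AUTH_REQUIRE = {
    "/any-ssl-user": "valid-user",
    "/only-specific-ssl-users": "user=james|user=alec",
}

# Constructed sample inputs: certificate fields as the server would expose them.
CERT_JAMES = {"SSL_CLIENT_S_DN_CN": "james"}
CERT_EVE = {"SSL_CLIENT_S_DN_CN": "eve"}
CERT_NO_CN = {"SSL_CLIENT_S_DN_O": "Example Org"}  # verified cert without a CN


def username_from_cert(cert_env, field="SSL_CLIENT_S_DN_CN"):
    """Return the configured certificate field, or None if there is no usable value.

    cert_env is None when the client connected without a certificate, which
    ssl.verifyclient.enforce = "disable" allows at the TLS layer.
    """
    if not cert_env:
        return None
    return cert_env.get(field) or None  # an empty field never counts as a username


def rule_for(path):
    """Pick the longest configured prefix of the path (prefix match is assumed)."""
    hits = [prefix for prefix in AUTH_REQUIRE if path.startswith(prefix)]
    return AUTH_REQUIRE[max(hits, key=len)] if hits else None


def is_allowed(path, cert_env):
    """Decide access for one request, following the commit message's rules."""
    rule = rule_for(path)
    if rule is None:
        return True  # path is not covered by auth.require
    user = username_from_cert(cert_env)
    if user is None:
        return False  # no certificate or no field value: no username, denied
    if rule == "valid-user":
        return True
    allowed = {r[len("user="):] for r in rule.split("|") if r.startswith("user=")}
    return user in allowed  # this model compares names exactly


if __name__ == "__main__":
    for cert in (None, CERT_JAMES, CERT_EVE, CERT_NO_CN):
        for path in AUTH_REQUIRE:
            print(path, cert, is_allowed(path, cert))
```

The case worth checking on a real deployment is the one `CERT_NO_CN` stands for: a certificate that passes verification but lacks the configured field must be treated the same as no certificate at all.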


#1

Updated by stbuehler over 7 years ago

  • Target version changed from 1.4.x to 1.4.33

#2

Updated by stbuehler about 7 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2894.
